Tuesday, January 31, 2012

Last semester I created a registered student organization for those interested in penetration testing and security at my university. The club I created is focused on self motivated students interested in getting their hands dirty to fill the gap with the theory from class. I'm commonly asked questions about penetration testing, security, networking, Linux, and anything vaguely related. Some questions I don't give answers to because I feel the answer is easily obtainable using Google or a manual page. A fellow student from my university's security club asked me a question about a tool called Ettercap. Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.

This is where the problem arose; he asked if there's was an option in Ettercap to create a log file and claimed he couldn't find the answer on Google. This person is usually pretty good about finding information on his own so I assumed he was making a simple mistake. I checked the man page for Ettercap on my own machine and found the proper command line option, -L. Even though I found the answer quickly, I began to wonder why he couldn't find the manual page on Google or even a guide detailing how to use Ettercap; this just didn't make any sense. I started to investigate the issue and quickly realized that both of us were logged into our Google accounts; both of us have search history and personalization enabled as well. I realized that Google was filtering both of our results, and I couldn't simply tell someone to Google a subject anymore; giving the answer "Google it" could potentially return different results when two different people research a given subject. I began to wonder how I could tell two people to research a topic and get the same search results from a given query. This is where I learned about what Eli Pariser calls the "filter bubble".

This made me investigate some of the alternatives to Google. There are quite a few different Google anonymity services such as Scroogle. However, this wasn't exactly getting away from Google. I wanted an alternative that could utilize Google and the other search engines available as well as provide encrypted communications. I remember reading about a search engine called DuckDuckGo on Reddit. I decided to look into DuckDuckGo and give it a try. DuckDuckGo is exactly what I was looking for to solve this problem. I found out you can even utilize DuckDuckGo to search Google, Bing, and other websites. For example:

!g ettercap

!gi ettercap

!gv ettercap

!b ettercap

!bi ettercap

The first query (!g ettercap) searches Google for Ettercap, the second (!gi ettercap) does a Google image search for Ettercap, and the third (!gv ettercap) searches Google videos for Ettercap. The other queries search using Bing instead of Google. The best part is the results you get will be the same as everyone else. I decided to change my Firefox configuration to use the encrypted version of DuckDuckGo in the address bar much like Google Chrome functions. Here's the steps to do it: